Role authorization for FAGLB03

Similar Messages

• Role authorization for product selection

  Hi All,
  i have a requirement for which i need your help. Now my Account Manager can see all products while placing an order. I want to restrict his selection to only 5* and 6* products. That means when he will look for placing an order in the next time, he should only see 5* and 6* products not all products. Can you please tell me how to go about this role authorization. 
  your valuable inputs will be appreciated.
  Regards,
  Sasmita

  Hi,
  I feel Access Control Engine would be the most elegant and futuristic solution.
  However, you need to review all the solutions suggested. Solution suggested by Shalini and Ashish are more practical. However, generally partner product range is used in case of Sold-to parties.
  Please review all the solutions suggested and take decision based on circumstances at your client's end.
  You can get more information about Access Control Engine at
  http://help.sap.com/saphelp_crm40/helpdata/en/04/0177f9bb67ac4cafb84bb4d4c1d8fc/frameset.htm.
  Also there are several guides and cookbooks on ACE at service market place.
  Regards,
  Deepak

• Roles & Authorizations for Web Reports...

  Hello Experts,
  We are newly implementing Web Reports in our organization. I need your great thoughts regarding implementing Authorizations for users to access the reports.
  We are using a report menu page that contain links to all the reports. The page opens by clicking on a link on the portal. The individual reports are basically accessed from this page by clicking on the corresponding button (links a URL ).
  I wonder if there is any way to look into the menu page (XHTML code of that web page/application) when ever the users click on the reports link and disable those buttons that the users are not allowed to access depending on the roles users are assigned to. Otherwise is there any better way to do it.
  And also how to call a function from web applications.
  This is a kind of urgent issue any quick ideas would be greatly appreciated.

  I apologize for the difficulty in reading this  I will repost.
  We have had no training or received any documenation on WAD.  The below was created from internet research.  Hence there may be WAD functionality that would allow easier maintenance, however; this is what we use.
  With our dashboard, I have a web template that contains hyperlinks for our reports.  I will call this HeaderTemplate1.  For each web page I have report templates.  These report templates have the HeaderTemplate1 mentioned above as well as the report tables, charts, text elements, tabs, etc.
  The JavaScript logic for accessing the urls of the specific report templates is contained within our HeaderTemplate1.
  Below is how our setup was tested.  Keep in mind, this was only for testing basic functionality.  If this is something we use I will most likely create a master data table that houses the user ID and an attribute for the header type.  Thus, any report menu changes can be altered quickly without changing the javascript of each report template.  Also this will accomodate the few thousand users we have.
  To add the functionality of different 'menus', I created another header template with the same hyperlinks of HeadertTemplate1 with the exception of one or two hyperlinks.  This, HeaderTemplate2, was added to each report template just below HeaderTemplate1.  Note that both HeaderTemplate1 and HeaderTemplate2 were set as visible on each report template.
  Also, on each report template I added a text element.  The 'List of Text Elements'property was set as such; Element Type = General Text Sympol,  Element ID = SYUSER.  This Text Element was linked to a query  or view from BEx via the dataprovider.  On the HTML side, I surrounded this Text Element with
  <Font ID="UserID",,,textelement....</Font>
  Each Report template has this javascript function, fnRepOnLoad, which is triggered at the OnLoad event.
  [<SCRIPT language = "JAVASCRIPT">                       
    function fnRepOnLoad()
      var user_ID=document.getElementById("UserID").innerHTML;
      if (user_ID=='USER123')
        document.all["HEADTMPLT1"].style.visibility = 'hidden';
        document.all["HEADTMPLT1"].style.position = 'absolute';
      else         
        document.all["HEADTMPLT2"].style.visibility = 'hidden';
        document.all["HEADTMPLT2"].style.position = 'absolute';
  </script>
  The function results as this.  If the user is USER123, HeaderTemplate1 is hidden, leaving only HeaderTemplate2 visible.  Otherwise HeaderTemplate2 is invisible leaving on HeaderTemplate1 visible.
  We do not use buttons as our global leaders prefer hyperlinks but buttons can be enabled or disabled similarly.
  As mentioned before, if this method is implemented, I will create a reportable master data table.  Create a customer exit variable to retrieve the header template required for the user.  This header template variable value will then be pulled by a text element on each report template.  The script function will act as follows.  If many report headers are necessary I may use a case statement.
  Var User_template=document.getElementById("UserTmplt").innerHTML;
  If UserTmplt = HeaderTemplate1
  -->  make all header templates other than HeaderTemplate1 invisible
  else
  -->  make all header templates other than HeaderTemplate2 invisible
  etc...
  I hope this helps.  Please keep me posted with your solution.  I am very interested to learn what others are doing.
  Best Regards,
  Larry

• Role authorization for CJ88 T Code

  SAP Gurus
  can any one tell me control the CJ88 T code, my client is having 4 business areas but, so in one business area employee will not access the other business area WBS element, can any one tell me how can i control
  thanks in adv
  venkat

  You could get with your Basis group to add the authorization object: F_BKPF_GSB - Accounting Document: Authorization for Business Areas to the CJ88 transaction and set it to be checked at execution.  Then you could create different roles for each business area and set them to the different values for BA.  You can use TCode SU24 to see that there are no authorization objects in CJ88 for checking BA in SAP standard.
  Alternately, you could find another role that already has this object and limit it by each area, but this would take multiple, nearly identical roles.
  Regards

• Roles/authorizations for user to Solman Diagnostics.

  We have a need to have non-administrator persons access our Sol Man
  Diags environment. We do not want them to access with j2ee_admin
  account.
  How / what roles or authorizations do I assign to restricted users so
  users cannot see the administration and setup tabs and not be able to
  turn traces on?

  The roles for the end users are mentioned in the standard SMD guide  pleas go thuroug it

• Role & Authorization for HR Administrator?

  How to define role for
  1) PA Administrator
  2) Time Administrator
  3) Payroll Administrator
  What kind of authorization should be given for
  1) PA Administrator
  2) Time Administrator
  3) Payroll Administrator
  What kind of authorization should be given to the HR Manager?

  You Normally Create ROle and Assign these users.
  1) PA Administrator
  All PA infotypes Reports etc
  2) Time Administrator
  ALl time Infotypes and reports
  3) Payroll Administrator
  All payroll Infotypes (8,9,14,15,0267) for international and reports and forms and programs if required.
  Afrasyab

• SAP BI : Roles & Authorizations

  Hi,
  I am working on roles & authorizations for SAP BI 7.0 How can I create authorization for a scenario mentioned below:
  One user (userid ALAN) has two vendors under him viz V001 & V001A.
  V001 has access to plant A001, A002 and
  V001A has access to plant A002, A003, F002.
  The data is created in SAP R3 and brought into SRM using criteria based on document type say ELEM. Even though V001 does not have access to plant A003, it can create documents of type ELEM. The business does not want this document to appear for V001.
  The business needs documents to be displayed as follows, irrespective of documents existing in SAP R3:
  Plants A001, A002 for V001 and
  Plants A002, A003, F002 for V001A.
  Please confirm if the following approach will work:
  Create vendor - plant role
  Role 1
  Vendor = V001
  Plants = A001, A002
  Role 2
  Vendor = V001A
  Plants = A002, A003, F002
  Assign User ALAN both roles Role 1 and Role 2.
  Please suggest a solution as I have to deliver about 2000+ roles by end of week.
  Thanks in advance.

  Hi,
  Seems that you are looking for a merge of the authorization. Please take a look in the note 1000004 where you are going to see the explanation about the merging.
  1000004 - Merging and optimizing analysis authorizations
  This documentation should help you.
  Regards,
  Rafael

• Restricting the ATP user for GATP - corrrect roles/authorizations

  Hi:
  If the dialog user that is used for the ATP check (from ECC to GATP) has more authorizations than needed and this is going to be a problem in production. The user can run SCM transactions from the results screen of ECC and this is not desirable.
  Therefore, the ATP user should be a restricted user that has only authorizations for this specific task. If you know what are the exact roles/authorizations to give to the ATP user, could you share them?
  Thanks in advance.
  Satish

  For R/3 please check OSS  Note 447543 - APO: Authorizations too comprehensive/not user-specific.
  "If it is necessary to have different authorization profiles in APO for different R/3 users when calling in APO, the following solution applies:
  Activate the setting in SM59 that is used for the RFC connection CURRENT USER.
  In the APO system, create the respective users and assign authorization profiles. This is necessary in order to achieve the necessary flexibility concerning authorizations in the APO system."
  For APO :
  AuthorizationsObject   C_APO_ATP in APO .
  please chose activity as per  user role.
  01       Create or generate
  02       Change
  03       Display
  04       Print, edit message
  06       Delete
  16       Execute
  39       Check
  Manish
  Edited by: Manish Kumar Rathi on Oct 21, 2008 1:24 PM

• Table for Role & Authorization group

  Hi Gurus,
  I am looking for a table or FM to get all roles for Authorization group.
  I tried in SUIM tcode but could not able to find exact DB table for these.
  Giri
  P.S.: To Moderator:
         My earlier thread was locked for the same question, I was searching in SDN and google from last 3 days and could not able to find enough information on it. AGR_USERS, TBRG, TACT are the tables i found. But still there is a link missed between Role & Authorization Group.

  Thomas,
  My report have selection screen with Auth group and user.
  If user provides Auth. Group then need to find all roles linked to auth group and users assigned to that role.
  In my investigation, there is link between Auth. Group <--> Auth. object.
  Also Auth. Object <--> Role.
  but still there is a fine link missing between Auth Group <--> Role.
  For Eg: Auth Object S_TABU_DIS will be associated to all Auth. Groups but assigned to only limited roles.
  I tried to debug the SUIM transaction multiple times but couldn't find the tables to find the link and not able to find the FM's.
  if anybody have any idea to find that link between Auth. Group & Role then it will be helpful....
  Giri

• "Low-level" authorizations for accessing BW reports - add users to role

  Using the advice in Topic "Low-level" authorizations for accessing BW reports, I have been able to publish a query to a role that has 3 test users and each user gets the same query but with different data, as determined in the tables.
  Is there a way to look up the users and e-mail addresses from a table and associate them to the role? We have several hundred e-mail recipients that will not need BW access, but only need an e-mail with a static report that contains data on their own territories.

  Hi!
  i think programatically it might be complex. You got to maintain a seperate variant of report per user and use this variant to send mail. that means you need to maintain a variant and a Broadcast setting per user. once maintained you can use it any number of times the values will be recalculated everytime.
  with regards
  ashwin
  <i>PS n: Assigning point to the helpful answers is the way of saying thanks in SDN.  you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.</i>

• Need FM which create authorization for a Role

  Hi,
  i neeed to create authorization for the roles. can anybody tell me , is there any FM to create authorization for a Role.
  it is done through PFCG transaction.
  i need a FM which creates authorization for a Role.
  Thanks in advance

  Hi Sami
  Try this link.
  Re: Programatically create Security Profiles via BAPI/FM in R/3?
  Regards
  Neha

• Roles,Authorization,Authorization objects for APD

  Hi Experts,
  Can anyone give me the list of roles,authorizations,authorization objects required related to APD.
  Its been a problem for us getting stuck at each authorization.
  With Regards,
  Meiyappan.

  The Analysis Process Designer allows you to work with a large number of objects. This includes different BW objects such as InfoProviders, InfoObjects or queries, and also other objects such as temporary database tables that are influenced by actions  already carried out and are authorization-relevant.
  Note 919614 - APD: FAQ authorization

• FAGLB03 - *"No Authorization for Transfer Prices, Third Local Currency"*

  Hi Experts,
  I am getting error while process the line item avilable in the T.Code FAGLB03- New GL Display.
  When I am double clicking any line item the system giving this below error.
  "No Authorization for Transfer Prices, Third Local Currency"
  Hope it would be same gap in the configuration level.
  Experts, please advice asap.
  Warm Regards,
  Sivakumar Sathiyamoorthy

  Hi,
  Note 1238115 - FAGLB03: Authorizations not always checked
  Sorry for inconviniecy caused
  Regards,
  jigar

• Authorization Role needed for change

  Hi,
  What role is required for user to do change/ display for IR objects .
  After role assignment is there any other configuration to be done.
  Currenlty we can only see objects in IR, dont have authorization for change.
  What needs to be done.
  Thanks.

  Hi John,
  Role: SAP_XI_Developer
  SAP_XI_DEVELOPER (Composite)
  SAP_SLD_DEVELOPER
  SAP_XI_DEMOAPP
  SAP_XI_DEVELOPER_ABAP
  SAP_XI_DEVELOPER_J2EE
  Notes:
  No access to the Administration of the XI Tools URL,
  ABAP
  C SXI_CACHE to view the cache but not refresh it
  C SXMB_MONI
  C SPROXY
  C SXMB_IFR
  D SXMB_ADM
  D SLDCHECK
  D SLDAPICUST
  SLD
  D create/change Technical /Business System
  D create Software Catalog (Product/Software Component Version)
  D create/change Development (Name Reservation, Content Browser, Class Browser).
  REPOSITORY
  D import SWCV (Software Component Version) from SLD
  D create new namespace under a SWCV
  D create/change new or existing Integration Scenarios and Integration Processes because the Software Component cannot be changed
  D create/change new or existing Interface Objects because the Software Component cannot be changed
  D create/change new or existing Mapping Objects because the Software Component cannot be changed
  D create/change new or existing Adapter Objects
  DIRECTORY
  D transfer integration scenario from Repository
  D create/change Party
  D create/change Service Without Party
  D create/change Service Receiver Determination
  D create/change Service Interface Determination
  D create/change Service Sender Agreement
  D create/change Service Receiver Agreement
        RWB
  C Component Monitoring
  C Message Monitoring
  C Performance Monitoring
  C Alert Configuration
  C Alert Inbox
  C Cache Monitoring

• Authorization Object for role creation for query display?

  Hi,
  Can Anybody here tell me what is the Authorization object that we use for role creation for query display?
  I want to assign a role to the newly designed query! that query does not have any role so far!
  Pls suggest me
  Thanks,
  Ravi

  Hi,
  I could make the authorization tab green by entering the authorization object!
  But user tab still remains red as it is not allowing me to enter my username in the user tab!
  in the user tab  i am unable to enter my user name?
  Any suggestions?
  Thanks,
  Ravi